- My LS
AML compliance for small firms – part one: conducting an AML risk assessment
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which came into effect on 26 June 2017, have posed a challenge for firms of all sizes.
This three-part series looks at the MLR 2017 from the perspective of small firms and provides tips on effective compliance. More detailed information can be found in the legal sector anti-money laundering (AML) guidance.
What type of work is 'regulated'?
The MLR 2017 apply to firms that:
- buy and sell real property or business entities
- manage client money, securities or other assets
- open or manage bank, savings or securities accounts
- organise contributions necessary for creating, operating or managing companies
- create, operate or manage trusts, companies, foundations or similar structures
Activities that have a lower risk of exposure to money laundering are not covered, for example:
- paying costs to lawyers
- providing legal advice
- will writing
If your firm does a mixture of regulated and unregulated work, the MLR 2017 will apply to the regulated aspects only.
Your internal AML risk assessment should state that only some of your work is regulated. But the type and frequency of this work may still lead you to conclude your firm has a high risk of being targeted by criminals.
Doing an AML risk assessment
A key feature of the MLR 2017 is the ‘risk-based approach’ to preventing and detecting money laundering, and the specific requirement to undertake and maintain a documented practice-wide AML risk assessment.
There are no black and white rules that tell you your firm is at high risk of exposure to money laundering activity. The conclusions of your practice-wide risk assessment are a matter of judgment.
Factors that will play a part in setting your risk rating include:
- the type of work you do
- the countries in which your work takes place
- the types of clients you have
- how often you engage in regulated activities
You should also consider, as a minimum:
The SRA is likely to publish a revised risk assessment of the legal sector in spring 2020. Once this is available, you should review it and consider what updates may be necessary to your practice-wide risk assessment.
Keep a record
Regardless of the size of your practice or the amount of regulated work you do, you need to make sure your practice-wide AML risk assessment is written down.
It’s important to be self-critical when you do your risk assessment – regulators can ask to see it, especially if something goes wrong with compliance at your firm.
You should also keep a record of the sources you use to complete your AML risk assessment.
AML risk assessment reviews
Review your risk assessment regularly, to reflect changes in your circumstances or the sector-wide risk assessments. You should also keep note of when you carry out these reviews.
AML risk assessments at client and matter level
In addition to the practice-wide risk assessment, you need to undertake an AML risk assessment at client level and matter level. This will inform the way in which you conduct your customer due diligence and ongoing monitoring (part 3 of this series of articles).
Your processes for carrying out the client and matter level risk assessment should be set out in your practice-wide risk assessment.
Policies, controls and procedures
Your AML risk assessment should list the steps you take to mitigate the money laundering risk in your work. You should reference your policies, controls and procedures, and state clearly what you do when you identify a high-risk client or matter.
The conclusions of your risk assessment should feature in your policies, controls and procedures (part 2 of this series of articles).
Law Society resources
Getting your risk assessment in order – more tips on carrying out an AML risk assessment
Guide to detecting and preventing money laundering (PDF 1.5 MB) – published by the International Bar Association, the American Bar Association and the Council of Bars and Law Societies of Europe
Firm risk assessments – SRA guidance, including a template, to help you comply with the requirement to have a firm-wide AML risk assessment